Broken Berry: RIM runs out of free passes

Like the other over-50% of smartphone-owning people in North America, I'm quite the fan of my BlackBerry. Even in an era when newer kids on the block -- namely Apple's iPhone and Google's Android -- garner more accolades and headlines for having slicker interfaces and cooler (and more) apps, the BlackBerry platform remains the safe, reliable choice that's good enough for most consumers and businesses. Despite analyst predictions that the BlackBerry will someday be reeled in by the upstarts, Research In Motion continues to grow and dominate the market it practically defined a decade ago.

We may want to revisit the "reliable" bit, though. After a week from hell marked by two highly publicized continent-wide outages, BlackBerry users are asking themselves whether this is the new normal, and why BlackBerry devices seem especially vulnerable to this kind of mass outage when competing platforms like iPhone and Android are not.

Centralization or distribution?

At issue is RIM's philosophy of routing messages through a centralized Network Operations Center (NOC). This architecture applies to BlackBerry Internet Service subscribers (corporate traffic routes through each company's own BlackBerry Enterprise Server), and allows RIM greater control over encryption and security than more distributed solutions.

This degree of centralization comes with a downside, however: Lose the NOC and you lose everything.

While the Internet was originally designed as a distributed network of networks that could keep functioning even if entire chunks were blown away by a global thermonuclear exchange, RIM's philosophy is more like the conventional data centers of old, where monolithic machines behind impermeable walls managed all traffic and processing. In doing so, they allowed companies to have maximum control of all consolidated resources because they could manage virtually everything from a single pane of glass. It was simple. As long as everything worked.

As it built a solution that allowed it to deliver a level of end-to-end encryption that its competitors could only dream of, RIM evolved its NOCs to scale to global proportions. With 36 million subscribers and climbing, its network of NOCs -- each one allocated to a broad geographic region -- scaled to meet this growing demand. When the first mass outages became front-page news in 2007, however, the BlackBerry's Achilles Heel became all too apparent. As the problem persists almost three years later, it's fair to ask if a little more -- or, perhaps, a lot more -- redundancy is called for.

The increasing irrelevance of security

The thing is, the average person walking into a carrier's retail outlet doesn't much care whether one device, platform, or service is an order of magnitude more secure than another. For all our discussion about keeping ourselves safe when we go online, about bulletproof online banking and about keeping the latest malware away from our machines, we still haven't adapted our day-to-day behaviors to reflect this new high-security reality. We still don't think It Can Happen to Us -- we still click "Go Here" links that friends send us via e-mail and Facebook, and we still update our banking on surreptitiously grabbed (because they're free) Wi-Fi connections at the local coffee shop.

We do so because we believe that security, in general, is fundamentally good enough. Whatever devices, applications, and services we choose to use, and however we decide to make use of them, the risk of something really horrid happening to us -- at least from our vantage point -- remains tolerably low. So despite the fact that BlackBerry has always been the one with the differentially robust security architecture, the alarming truth for RIM is that most mainstream consumers don't give platform security a huge amount of thought before they invest in it.

This is who I root for

I live not too far from RIM's Waterloo, Ontario, Canada headquarters and the company casts a broad shadow throughout the region. Since RIM is ultimately my hometown team, I'll admit to sitting by the sidelines and wishing the company could lick this issue and stop future outages from happening. But despite its robust growth to-date, I fear it's only a matter of time before users get fed up with these unannounced service interruptions and start seriously considering alternatives. Will they dump their BlackBerry devices en masse in the months to come? Hardly. But will they start to entertain alternatives for the day when their contract runs out and it's time to consider a replacement? Absolutely. It's a slowly evolving process that RIM wants to stop, cold, now.

Like Microsoft before it, RIM's image as the inviolable alternative for its existing customers will end sooner if it can't put these high-profile failures behind it. In the absence of a permanent solution, the loyalty of existing customers will loosen just enough to give competitors room to weasel in, while the impression of potential customers will be muddied by the potential for future failures...and the memory of recent ones.

There's no rule that says a given platform will remain dominant forever. Just as Microsoft is grappling with a new reality, where longstanding customers of its packaged Office productivity suite are ever-so-slowly starting to look at less expensive or online alternatives, RIM now finds itself catering to customers whose long-held allegiance to its platform is beginning to weaken in the face of more robust competition and a fast-evolving market demand that cares less about security than it does about ease of use and application availability. Headlines like this don't help matters.

As we lean more heavily on our mobile devices to manage our day-to-day workflow, having our connectivity simply removed for hours at a stretch, with nary a word from the vendor, itself becomes a security risk. When you're away from the office, your mobile device is your lifeline. As much as RIM wants customers to believe that encryption and centralized vendor control are the keys to an effective and safe mobile experience, customers beg to differ. Customers simply want it to work, and if the back-end technologies and processes aren't enough to keep widespread outages from happening, they'll happily go elsewhere to keep themselves connected and in business.

It's a radically different view of security than the one that RIM first laid out years ago, but one the company needs to both internalize and apply if it hopes to avoid flatlining in the year ahead. The proverbial clock is ticking.

Carmi Levy is a Canadian-based independent technology analyst and journalist still trying to live down his past life leading help desks and managing projects for large financial services organizations. He comments extensively in a wide range of media, and works closely with clients to help them leverage technology and social media tools and processes to drive their business.